Security updates

Security updates can be run on demand or scheduled to run on a daily basis. The commands to perform the security updates are listed below. Plixer recommends scheduled updates be enabled to ensure maximum protection. The update process will reach out to a plixer repository at to pull down updates. Those updates have been applied to our QA servers internally and determined to be stable before being posted to our repository.

All patches and updates, including vulnerabilities and major upgrades, are included in the system updates. An audit event will be logged to the Scrutinizer Alarms table whenever the ‘system update’ command is run. Each update will also be listed within the audit event. In the event of a problem with the security updates, yum history can be used to roll back updates. If a proxy server is required, it can be configured within the yum.conf file.

The system update command runs yum update using https. Firewall policies will need to allow traffic to on TCP port 443 from your Scrutinizer servers. Cryptographic verification of the downloaded update files is provided by yum.

The system update command will need to be run on each server in a distributed environment. It can be run directly from the command line and also from within the Interactive scrut_util utility. If operating system patches are applied, all Scrutinizer services will be restarted. This can cause a minute of missed data.

To pull down updates from

scrut_util.exe --system update

To schedule the updates to be pulled from on a daily basis:

scrut_util.exe --system update --schedule

A random hour/minute is chosen to run the update. This time is selected outside of the ‘business hours’ set in the Admin > Settings > Reporting page. An alert is sent to Scrutinizer and can be viewed in the Audit Event policy in the Alarms tab.

To cancel the daily update schedule:

scrut_util.exe --system update --unschedule

Interactive scrut_util

The following command syntax is used from within the interactive mode of the scrut_util utility. Running scrut_util.exe from command line will open the interactive prompt.

To pull down updates from

SCRUTINIZER> system update

To schedule the updates to be pulled from on a daily basis:

SCRUTINIZER> system update schedule

To cancel the daily update schedule:

SCRUTINIZER> system update unschedule